Wireshark-bugs: [Wireshark-bugs] [Bug 2689] New: [PATCH]: enhanced "what's past last mpls label?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2689
Summary: [PATCH]: enhanced "what's past last mpls label?"
heuristic
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: francesco.fondelli@xxxxxxxxx
FF <francesco.fondelli@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1971| |review_for_checkin?
Flag| |
Created an attachment (id=1971)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1971)
[PATCH]: enhanced "what's past last mpls label?" heuristic
Build Information:
wireshark 1.0.99-SVN-25387
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.8.15, with GLib 2.10.1, with libpcap 0.9.4, with libz
1.2.3, with POSIX capabilities (Linux), with libpcre 6.3, without SMI, without
ADNS, without Lua, without GnuTLS, with Gcrypt 1.2.2, with MIT Kerberos,
without
PortAudio, without AirPcap.
Running on Linux 2.6.18.1, with libpcap version 0.9.4.
Built using gcc 4.1.0 20060304 (Red Hat 4.1.0-3).
--
Hi all,
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
The new logic to dissect data after last mpls label is:
if (!dissector_try_label(mpls_subdissector_table, label, ...)) {
if (nibble == 6) {
call_dissector(ipv6_handle, ...);
} else if (nibble == 4) {
call_dissector(ipv4_handle, ...);
} else if (nibble == 1) {
dissect_pw_ach(next_tvb, ...);
} else if (nibble == 0) {
if (looks_like_plain_eth(next_tvb)) {
call_dissector(eth_withoutfcs_handle, next_tvb, ...);
} else {
dissect_pw_mcw(next_tvb, ...);
}
} else {
call_dissector(eth_withoutfcs_handle, ...);
}
}
The mpls protocol dissector has now a subdissector table indexed by label.
If the user specifies a binding (through "Decode as...") label N <--> proto X
wireshark will pass data past last mpls label to dissector X. If there is
no label2proto binding the legacy "first nibble based" algorithm (corrected and
enhanced) is used.
the original code was:
if (ipvers == 6) {
call_dissector(ipv6_handle, next_tvb, pinfo, tree);
} else if (ipvers == 4) {
call_dissector(ipv4_handle, next_tvb, pinfo, tree);
} else if (ipvers == 1) {
dissect_mpls_control(next_tvb, pinfo, tree);
} else {
call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
}
dissect_mpls_control() is now called dissect_pw_ach() (ach stands for
Associated Channel Header) as per RFC 4385 terminology.
dissect_pw_mcw() (mcw stands for MPLS Generic/Preferred Control Word)
is called only if the first nibble is 0 (as per RFC 4385) and if the
first 12 bytes of data look like two mac addresses.
Ethernet PWs are common nowadays with and without CW (control word:
4 bytes between last mpls label and the encapsulated ethernet header)
in service provider networks. I have been told few times that
"wireshark doesn't work" because of the CW presence. This patch
"automagically" provides a valid dissection in most common "eth
PWs with/without CW" cases.
Moreover, this patch allows wireshark users to manually provide info
in case the heuristic fails.
If you accept this changes new dissectors, one for each type of PW
encapsulated traffic, can be easily implemented (packet-pw-eth.c is
provided as a starting point).
- Structure-Agnostic Time Division Multiplexing (TDM) over Packet
(SAToP) (RFC 4553)
- Structure-Aware Time Division Multiplexed (TDM) Circuit Emulation Service
over Packet Switched Network
(CESoPSN) (RFC 5086)
are at the top of my to-do list.
I have used and fuzz-tested this code. Please check it in.
Ciao
FF
ps
patch is against svn #25387 but unfortunately is a "diff -ru dir1 dir2"
because I cannot "svn diff" anymore due to bad bad proxy settings,
sorry, it should work fine anyway.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.